Rob de Jong (Azure AD IAM)

My feedback

  1. 42 votes
    0 comments  ·  Networking » Bastion
    Rob de Jong (Azure AD IAM) supported this idea  · 
  2. 19 votes

    10 comments  ·  SQL Server » Bugs
    Rob de Jong (Azure AD IAM) supported this idea  · 
  3. 63 votes

    10 comments  ·  Azure Active Directory » Azure AD Connect

    We cannot share any timelines right now. Our first iteration is to deploy and use a new service end point that would eventually be able to handle larger groups. It will likely take several months to get this deployed and tested before we can take a next step, which would be to increase the group size limit – probably to 250K members.
    If you want to be part of the private preview program, please reach out to me: rodejo@microsoft.com

    Rob de Jong (Azure AD IAM) commented  · 

    This feature is in public preview now, and we expect GA in the coming weeks. Please refer to the AADConnect online documentation for more details

    Rob de Jong (Azure AD IAM) commented  · 

    Update: we still are unable to provide an ETA, the team is working on fixing several bugs that prevent us from publishing this update.

    Rob de Jong (Azure AD IAM) commented  · 

    We're working on removing the 50k limit, expect more in a couple of months

  4. 718 votes

    78 comments  ·  Azure Active Directory » Azure AD Connect

    Apologies for the lack of updates here. This work is still in progress; however, we do not have a public ETA to share currently. We will keep you updated as we get closer. Thanks!

    Rob de Jong (Azure AD IAM) commented  · 

    Update - we're still working on this, we expect to be able to update with a timeline in the next 3 months

    Rob de Jong (Azure AD IAM) commented  · 

    Hi - we're currently reviewing the best possible architectural solution for this, there are many dependencies on the attributes that are part of the Exchange schema extension for AD - but we do have a goal to get rid of these dependencies, hopefully in the coming months, for most of the scenarios.

  5. 20 votes

    planned  ·  5 comments  ·  Azure Active Directory » Azure AD Connect
    Rob de Jong (Azure AD IAM) commented  · 

    We are currently studying this feature and will respond back here when we can tell you more about it.

  6. 14 votes

    started  ·  3 comments  ·  Azure Active Directory » Azure AD Connect
    Rob de Jong (Azure AD IAM) commented  · 

    We're actually working on this now, you can expect a preview later this year.

  7. 272 votes

    38 comments  ·  Azure Active Directory » Azure AD Connect
    Rob de Jong (Azure AD IAM) commented  · 

    The best way to enforce on premises password expiration policies is to switch over to Pass Thru Authentication. We're currently not planning to implement syncing the on prem authentication policies to AAD.

  8. 287 votes

    25 comments  ·  Azure Active Directory » Azure AD Connect
    Rob de Jong (Azure AD IAM) commented  · 

    We advise customers who need this functionality today to switch their authentication method to Pass Thru Authentication. This is the only way to enforce that whatever password policies and states exist on prem will be used to validate a sign in request in AAD.
    There is no plan today to sync password expiration state (or disabled or lockout state, for that matter) from on premises AD to AAD.

    Please reach out to me or comment here to let me know if PTA is not a good solution for your customer.

  9. 699 votes

    115 comments  ·  Azure Active Directory » Azure AD Connect

    We are aware of the requirement to be able to convert a synced user to cloud only and are designing that feature, but we have no timelines to share right now.
    We reverted the change that would block the “hack” to delete and restore a user to change a user to “Cloud Only”.

    Rob de Jong (Azure AD IAM) commented  · 

    To permanently stop syncing from on premises you can use the cmdlet "Set-MsolDirSyncEnabled -EnableDirSync $false".

    Read more: https://support.microsoft.com/en-us/help/2619062/you-can-t-manage-or-remove-objects-that-were-synchronized-through-the

    Rob de Jong (Azure AD IAM) commented  · 

    Curious - what is the use case for deleting a synced user in AzureAD? Given that the source of authority of that user object is on premises, we'd expect these accounts to get deleted in on premises AD (after which the deletion event would propagate to AzureAD).

    We are aware of the requirement to be able to convert a synced user to cloud only and are designing that feature, btw, but we have no timelines to share right now.

    Rob de Jong (Azure AD IAM) commented  · 

    Hi folks -

    I’m happy to get back to you with good news: based on customer response we decided to revert the bug fix that caused the issue you were seeing and this should now be fixed.

    Our apologies for any inconveniences this may have caused and thanks for your feedback here and working with us to get this resolved.

    Thanks,

    Rob

    Rob de Jong (Azure AD IAM) commented  · 

    Hi folks - You can reach out to me at rodejo@microsoft.com to have a more detailed discussion.

    Rob de Jong (Azure AD IAM) commented  · 

    Folks -

    When removing a user object from the sync scope in AD it is soft deleted in AAD - which is expected - but the DirSyncEnabled flag was also cleared. This bug resulted in various serious issues when the object was restored in AAD and we fixed that bug.

    We're working on a new feature that would allow customers to change the Source of Authority of a user object from on prem AD to AAD and your help in defining the requirements for that feature would be highly appreciated.

    Can you please reach out to me and let me know what the use case is for which you need this change of source of authority?

    Thanks for your help!

    -Rob

  10. 8 votes

    under review  ·  2 comments  ·  Azure Active Directory » Azure AD Connect
    Rob de Jong (Azure AD IAM) commented  · 

    Makes sense, we're investigating this as a bug. No timeline to share right now.

  11. 305 votes

    36 comments  ·  Azure Active Directory » Azure AD Connect
    Rob de Jong (Azure AD IAM) commented  · 

    Hi - this is not a feature we are planning in AADConnect. We're currently designing a new feature based on a new technology that would allow us to write back users and groups from AAD to various different targets - AD, other directories, applications - and hope to be able to tell you more about it in the coming months.

  12. 227 votes

    under review  ·  Azure AD Team responded

    We are investigating what it would take to add support for multi-value attributes in Dynamic Groups to enable this and related scenarios.

    Kristina Bain Smith

    Rob de Jong (Azure AD IAM) commented  · 

    Hi - We're working with the teams who own the targeted services for multi-valued attributes to see how they can leverage multi-valued attributes.

  13. 2 votes

    1 comment  ·  Azure Active Directory » PowerShell
    Rob de Jong (Azure AD IAM) commented  · 

    You can use Add-AzureADGroupMember for this

  14. 1 vote

    1 comment  ·  Azure Active Directory » Admin Portal
    Rob de Jong (Azure AD IAM) commented  · 

    Thanks, this is a useful addition to the feature, we'll add this to our plan

  15. 384 votes

    Hi folks,
    Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Regards,
    Vince Smith
    Azure Active Directory Team

    Rob de Jong (Azure AD IAM) commented  · 

    Yes, this is something that is in our plans
